More is Less: Extra Features in Contactless Payments Break Security

Channel:
Microsoft Research
Subscribers:
351,000
Published on ● Video Link: https://www.youtube.com/watch?v=EyUyh9HDOi4


Duration: 0:00
345 views
23

The EMV contactless payment system has many independent parties: payment providers, terminal companies, smartphone companies, banks and regulators. EMVCo publishes a 15 book specification that these companies use to operate together. However, many of these parties have independently added additional features, such as Square restricting offline readers to phone transactions only, Apple, Google and Samsung implementing transit modes and Visa and Mastercard complying with regional regulations on high value contactless payments. We investigate these features, and find that these parties have been independently retrofitting and overloading the core EMV specification. Subtle interactions and mismatches between the different companies' additions lead to a range of vulnerabilities, making it possible to bypass restrictions to smartphone only payments, make unauthenticated high value transactions offline, and use a cloned card to make a £25000 transaction offline. To find fixes, we build formal models of the EMV protocol with the new features we investigated and test different possible solutions. We have engaged with EMV stakeholders and worked with the company Square to implement these fixes.

Speakers: Tom Chothia (University of Birmingham) and George Pavlides (Surrey Centre for Cyber Security, University of Surrey)



Other Videos By Microsoft Research


2025-09-24A Formal Analysis of Apple’s iMessage PQ3 Protocol
2025-09-24Email Spoofing with SMTP Smuggling: How the Shared Email Infrastructures Magnify this Vulnerability
2025-09-24A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models
2025-09-24‘Hey mum, I dropped my phone down the toilet’: Investigating Hi Mum and Dad SMS Scams in the UK
2025-09-24Dehumanizing machines: Making sense of AI systems that seem human
2025-09-24Scalable emulation of protein equilibrium ensembles with BioEmu
2025-09-24Disrupting the AI infrastructure with MicroLEDs
2025-09-24Dion: The distributed orthonormal update revolution is here
2025-09-24Pushing boundaries of complex reasoning in small language models
2025-09-22zk-promises: Anonymous Moderation, Reputation, & Blocking from Anonymous Credentials with Callbacks
2025-09-22More is Less: Extra Features in Contactless Payments Break Security
2025-09-18Sub-Population Identification of Multi-morbidity in Sub-Saharan African Populations
2025-09-03Echoes in GenAI generations
2025-08-27Six Years of Rowhammer: Breakthroughs and Future Directions
2025-08-25Sub-Population Identification of Multi-morbidity in Sub-Saharan African Populations
2025-08-19MindJourney: Test-Time Scaling with World Models for Spatial Reasoning
2025-08-11Medical Bayesian Kiosk (2010)
2025-08-07Reimagining healthcare delivery and public health with AI
2025-08-05VeriTrail: Detect hallucination and trace provenance in AI workflows
2025-07-31Computational models for brain science
2025-07-30VoluMe: Authentic 3D Video Calls from Live Gaussian Splat Prediction